Subject: Re: Barebone kernel options request
From: Valeri Galtsev
To: freebsd-questions@freebsd.org
Date: Mon, 11 Mar 2019 11:03:04 -0500

On 3/11/19 10:56 AM, tech-lists wrote:
> On Mon, Mar 11, 2019 at 01:54:48PM +0000, Carmel NY wrote:
>
>> Just out of some sort of morbid curiosity, I would be interested in
>> knowing exactly what problem the OP is trying to correct or alleviate
>> here. If his storage, memory or whatever resources are stretched to the
>> limit, he would be better served by purchasing a newer, more powerful
>> machine. "You can't make a silk purse out of a sow's ear."
>
> I dunno if this applies to the OP but I also compile custom kernels and
> world for some machines. My basic reasons:
>
> 1. I want available only what is needed, for the os/machine's purpose,
> so that there's more resources for the machine's job. Each disabled
> option means that some resource of some type, however tiny, becomes
> available. These add up.
>
> 2. Having only what you need means you have less to maintain, which is
> important for security. I guess it makes the "vulnerability surface"
> smaller, at least in theory.

I mostly achieve that by running these things in jails. Sometimes I have
multiple jails representing one "server" - with the same IP, say, these
may be in separate jails: shell (where users can ssh to), www, mail,
mail/spam filter.

Just my $0.02

Valeri

>
> 3. It might be the case that the machine I'm maintaining isn't mine, so
> the option to "buy better hardware" is out of the question.
>
> Being able to tailor the OS for exactly the requirement in hand is a
> major plus point in favour of FreeBSD for me. Point #2 above is
> particularly relevant for an internet-facing machine.

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
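
The jail layout described in the reply above, sketched as an /etc/jail.conf. This is an added example, not part of the original message or the poster's configuration. The address 192.0.2.10, the /usr/jails path and the example.org hostnames are assumptions, and the address is assumed to be configured on the host interface already.

```conf
# /etc/jail.conf (constructed example): one "server", four jails, one shared IP.
# Because the jails share an address, each service must listen on its own ports.

# Defaults inherited by every jail below
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;                       # start commands with a clean environment
mount.devfs;
devfs_ruleset = 4;                # restricted /dev as defined in /etc/defaults/devfs.rules
enforce_statfs = 2;               # jail sees only its own root mount point
children.max = 0;                 # no nested jails
securelevel = 2;                  # value of kern.securelevel inside the jail
allow.raw_sockets = 0;
ip6 = "disable";
path = "/usr/jails/$name";        # assumed location, one tree per jail
ip4.addr = "192.0.2.10";          # assumed address, same for all four jails

# Interactive logins: sshd only
shell {
    host.hostname = "shell.example.org";
}

# Web server
www {
    host.hostname = "www.example.org";
}

# MTA
mail {
    host.hostname = "mail.example.org";
}

# Spam filter, reached by the MTA over the shared address on a separate port
spamfilter {
    host.hostname = "spamfilter.example.org";
}
```

A compromise of the web server in this layout lands in the www jail's file system and process table, not in the one holding user shells or the mail spool.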